Privacy Policy
Last updated: 18.03.2025
1. Introduction
Welcome to the Vienna Toy Library (“we,” “our,” “us”). We take your privacy seriously and are committed to protecting your personal data. This policy explains what data we collect, how we use it, and your rights under the General Data Protection Regulation (GDPR).
2. Data We Collect and Why
| Category | Purpose | Legal Basis (GDPR) |
|---|---|---|
| Name, email, password | Account creation, membership management | Contractual necessity |
| Payment data (via Stripe) | Subscription processing | Contractual necessity |
| Rental history | Track borrowed items, prevent losses | Legitimate interest |
| Security logs (incl. IP address) | Fraud prevention, website security | Legitimate interest |
| Cookie preferences | Store consent for analytics | Consent |
| Google Analytics data (if opted in) | Website performance analysis | Consent |
We do not store any data related to children. Only adults can create accounts.
3. How We Process Payments
We use Stripe to process payments. While we do not store your payment details directly, we have access to payment history through Stripe’s dashboard. Stripe processes your data under its own Privacy Policy.
4. How We Store and Retain Data
- We retain user data for as long as necessary to provide our services and comply with legal obligations.
- Some data (e.g., transaction records) may be retained for 7 years for tax compliance.
- Security logs are stored for 12 months to monitor and prevent fraud.
- Users can request data deletion, but some data may be anonymized or retained as required by law.
5. How We Use Cookies
We use cookies for essential functions and optional analytics.
- Essential cookies (always enabled): Required for login, security, and rental tracking.
- Analytics cookies (optional): We use Google Analytics to understand website usage.
6. Third-Party Services
- Stripe – Payment processing
- Brevo – Automated transactional emails (e.g., late return reminders)
- Cloudflare – Security and protection against cyber threats
- Cloudflare Turnstile – Spam protection for forms
- Google Maps – Displaying pickup/dropoff locations
- Google Analytics – To better understand how visitors use the website (optional)
We do not sell or share your data with advertisers.
7. Your Rights Under GDPR
As an EU resident, you have the right to:
- ✅ Access your personal data
- ✅ Request correction or deletion (subject to legal retention requirements)
- ✅ Withdraw consent (for cookies & analytics)
- ✅ Object to data processing in certain cases
To exercise these rights, please contact us using the form below.
8. Security Measures
We implement security measures such as Cloudflare protection, security plugins, IP filtering, and server scans to protect your data.
9. Contact Information
If you have any questions about this policy, use our contact form below.